Hi Giwenn, what are the attributes of your self-signed certificate, especially the CommonName (CN) and optionally the AltSubjName?
In your first message, it looks like it was CN=10.22.5.24:9000, which is wrong (it has to be the host name of the Graylog node, i.e. CN=10.22.5.24 or CN=graylog.example.com).

Cheers,
Jochen

On Thursday, 2 February 2017 16:48:43 UTC+1, Giwenn Launay wrote:
> Hi Jochen,
>
> Here are the commands that I pass to put my server graylog in HTTPS:
>
> 1-
> openssl req -x509 -days 7300 -nodes -newkey rsa:2048 -keyout graylogkey.pem -out graycert.pem
>
> 2- openssl pkcs8 -in graylogkey.pem -topk8 -nocrypt -out graykey.pem
>
> 3- configuration this server.conf:
>
> rest_enable_tls = true
> rest_tls_cert_file = /path/to/graycert.pem
> rest_tls_key_file = /path/to/graylog-key.pem
> web_enable_tls = true
> web_tls_cert_file = /path/to/graycert.pem
> web_tls_key_file = /path/to/graykey.pem
>
> I have not set a password for the keys yet.
>
> 4 - keytool -importcert -keystore /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.121-0.b13.el7_3.x86_64-debug/jre/lib/security/cacerts -storepass changeit -alias graylog-self-signed -file graycert.pem
>
> 5 - Verify that the certificate has been added:
>
> keytool -keystore /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.121-0.b13.el7_3.x86_64-debug/jre/lib/security/cacerts -storepass changeit -list | grep graylog-self-signed -A1
>
> answer:
> graylog-self-signed, 2 févr. 2017, trustedCertEntry,
> Empreinte du certificat (SHA1) : 78:1B:E5:57:92:7C:65:43:69:E2:4E:20:34:E3:BB:7D:F7:33:D8:08
>
> 6- Addition of the instruction in the jvm trust:
>
> GRAYLOG_SERVER_JAVA_OPTS="-Djavax.net.ssl.trustStore=/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.121-0.b13.el7_3.x86_64-debug/jre/lib/security/cacerts"
>
> 7- restart the server
>
> The error message appears when connecting to the web page. The inputs and outputs do not work, they are in not running mode.
> Is my configuration good?
>
> Thanks =)
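Added example, not part of the original thread and not Graylog's own tooling: POSIX shell helpers that derive the certificate name from the address clients connect to (dropping the scheme and the `:9000` port that ended up in the CN above), create the self-signed certificate with that name, and check the result. It goes one step beyond the CN advice by also setting a subjectAltName, because RFC 2818 requires an iPAddress subjectAltName when the URI uses an IP address. The function names are hypothetical, and `-addext` assumes OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example: hypothetical helpers, not taken from the thread.

# Print the bare host from a URI or host:port value (no scheme, path or port).
host_of() (
    h="${1#*://}"                 # drop a leading scheme such as https://
    h="${h%%/*}"                  # drop any path
    case "$h" in
        \[*)   h="${h#\[}"; h="${h%%\]*}" ;;   # [IPv6]:port
        *:*:*) ;;                               # bare IPv6 literal, no port
        *)     h="${h%%:*}" ;;                  # name:port or IPv4:port
    esac
    printf '%s\n' "$h"
)

# Print the subjectAltName entry for that host: IP:<addr> or DNS:<name>.
san_of() (
    h="$(host_of "$1")"
    case "$h" in
        *:*)       printf 'IP:%s\n' "$h" ;;    # IPv6 literal
        *[!0-9.]*) printf 'DNS:%s\n' "$h" ;;   # contains letters: a host name
        *)         printf 'IP:%s\n' "$h" ;;    # digits and dots only: IPv4
    esac
)

# make_cert <address> <key.pem> <cert.pem>
# Same openssl req options as step 1 of the thread, plus an explicit CN and SAN.
make_cert() (
    h="$(host_of "$1")"; san="$(san_of "$1")"
    openssl req -x509 -days 7300 -nodes -newkey rsa:2048 \
        -keyout "$2" -out "$3" -subj "/CN=$h" -addext "subjectAltName=$san"
)

# cert_matches <address> <cert.pem>: exit status 0 if the certificate
# is valid for the host part of the address.
cert_matches() (
    h="$(host_of "$1")"
    case "$(san_of "$1")" in
        IP:*) openssl x509 -in "$2" -noout -checkip "$h" ;;
        *)    openssl x509 -in "$2" -noout -checkhost "$h" ;;
    esac | grep -q 'does match'
)
```

For example, `make_cert https://10.22.5.24:9000/ graylogkey.pem graycert.pem` followed by `cert_matches 10.22.5.24:9000 graycert.pem` confirms the certificate names the node before it is imported with keytool.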
